On Linux systems, apache runs as the www-data (default) user, and its user group is also www-data.
But I found that the apache log directory /var/log/apache belongs to root, and the group is adm
www-data does not have write permissions on the log directory, and it is not a user of the adm group and does not even have read permissions.
But we found that there is an apache2 process running as root, which should be the main process. Are the logs of all child processes first passed to the main process through process communication and then recorded? Or is there some other mechanism?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
I don’t have Apache httpd here, so I wrote a program myself and tried it. Data can still be written to the file after
write时是不检查权限的,也就是说只要日志文件打开成功了,那么再改变用户 ID(setuid). Of course, in this case, how to reopen the log file is a problem. Just look at the source code of Apache httpd. A simple strace may reveal something.